package com.example.springbootxss.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
 * Test controller for the XSS demo endpoints mapped under {@code /api/xss}.
 */
@Controller
@RequestMapping("/api/xss")
public class XssController {

    /**
     * Copies the raw {@code xss} request parameter into the request attribute
     * {@code info} and returns the view name {@code testXss}.
     *
     * <p>Security note: the parameter is attacker-controlled and is forwarded exactly as
     * received; this method performs no validation or output encoding. Whether the
     * response is safe therefore depends entirely on code not visible here: the
     * {@code testXss} template must HTML-encode {@code info} when rendering it, or a
     * request filter must sanitise the parameter before it reaches this method.
     *
     * <p>The mapping declares no HTTP method, so the handler answers every method.
     *
     * @param request the current servlet request; its {@code xss} parameter may be absent,
     *                in which case {@code null} is passed to {@code setAttribute}
     * @return the view name {@code testXss}
     */
    @RequestMapping("/javascript")
    public String index(HttpServletRequest request) {
        // Untrusted input: read verbatim from the request, not encoded here.
        final String userSupplied = request.getParameter("xss");

        // NOTE(review): confirm that the testXss view escapes "info" on output
        // (or that an upstream filter cleans it); otherwise markup in the parameter
        // is reflected into the page as-is.
        request.setAttribute("info", userSupplied);

        // Test case:
        //   http://localhost:8080/api/xss/javascript?xss=<script type="text/javascript"> window.location.href="https://www.baidu.com/"; </script>
        // Expected with correct encoding/filtering: the script text is shown as inert
        // text and the browser is NOT redirected.
        final String viewName = "testXss";
        return viewName;
    }

}
